Set password of an sso user to never expire

Posted on May 4, 2018

In vCenter, users created on the vSphere SSO domain (vphere.local by default) all share the same password policy defined in Single Sign-On > Configuration > Policies > Password Policy with a default password expiration after 90 days. For “interactive” users it’s probably a good thing to keep them on their game, but if you are using sso users for services (not that you should, that’s what AD service accounts are for but you know…) their password will expire after 90 days and the service will break. Note that you can change the password policy to “never expire” by setting it to 0 day.

There is a way to force the password of an SSO user to never expire with the dir-cli command line tool on the vCenter server.